From mboxrd@z Thu Jan  1 00:00:00 1970
From: Jamie Lavigne <lavignen@amazon.com>
Subject: [PATCH v2] Correctly handle malloc_elem resize with
	padding
Date: Wed, 31 May 2017 00:16:58 +0000
Message-ID: <1496189818-2307-1-git-send-email-lavignen@amazon.com>
References: <1496189340-27813-1-git-send-email-lavignen@amazon.com>
Mime-Version: 1.0
Content-Type: text/plain
Cc: Jamie Lavigne <lavignen@amazon.com>
To: <dev@dpdk.org>
Return-path: <dev-bounces@dpdk.org>
Received: from smtp-fw-6002.amazon.com (smtp-fw-6002.amazon.com [52.95.49.90])
 by dpdk.org (Postfix) with ESMTP id 06FDF7D97
 for <dev@dpdk.org>; Wed, 31 May 2017 02:17:13 +0200 (CEST)
Received: from EX13MTAUWA001.ant.amazon.com
 (iad55-ws-svc-p15-lb9-vlan3.iad.amazon.com [10.40.159.166])
 by email-inbound-relay-71001.iad55.amazon.com (8.14.7/8.14.7) with ESMTP id
 v4V0H407032481
 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL)
 for <dev@dpdk.org>; Wed, 31 May 2017 00:17:07 GMT
In-Reply-To: <1496189340-27813-1-git-send-email-lavignen@amazon.com>
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <http://dpdk.org/ml/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://dpdk.org/ml/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <http://dpdk.org/ml/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org
Sender: "dev" <dev-bounces@dpdk.org>

Currently when a malloc_elem is split after resizing, any padding
present in the elem is ignored.  This causes the resized elem to be too
small when padding is present, and user data can overwrite the beginning
of the following malloc_elem.

Solve this by including the size of the padding when computing where to
split the malloc_elem.

Signed-off-by: Jamie Lavigne <lavignen@amazon.com>
---
 lib/librte_eal/common/malloc_elem.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/lib/librte_eal/common/malloc_elem.c b/lib/librte_eal/common/malloc_elem.c
index 42568e1..8766fa8 100644
--- a/lib/librte_eal/common/malloc_elem.c
+++ b/lib/librte_eal/common/malloc_elem.c
@@ -333,9 +333,11 @@ malloc_elem_resize(struct malloc_elem *elem, size_t size)
 	elem_free_list_remove(next);
 	join_elem(elem, next);
 
-	if (elem->size - new_size >= MIN_DATA_SIZE + MALLOC_ELEM_OVERHEAD){
+	const size_t new_total_size = new_size + elem->pad;
+
+	if (elem->size - new_total_size >= MIN_DATA_SIZE + MALLOC_ELEM_OVERHEAD) {
 		/* now we have a big block together. Lets cut it down a bit, by splitting */
-		struct malloc_elem *split_pt = RTE_PTR_ADD(elem, new_size);
+		struct malloc_elem *split_pt = RTE_PTR_ADD(elem, new_total_size);
 		split_pt = RTE_PTR_ALIGN_CEIL(split_pt, RTE_CACHE_LINE_SIZE);
 		split_elem(elem, split_pt);
 		malloc_elem_free_list_insert(split_pt);
-- 
2.7.3.AMZN